Mardi, 16 Octobre 2018
Latest news
Main » Cyber-attack threat escalating - Europol

Cyber-attack threat escalating - Europol

16 Mai 2017

The Federal government has confirmed an global cyber attack that hit at least 74 countries has reached Australia, with one local business "likely" to have been affected by malicious ransomware.

Britain's National Cyber Security Center and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who - unintentionally at first - discovered a so-called "kill switch" that halted the unprecedented outbreak.

The widescale attack involved ransomware, in which infiltrated computers are held hostage until a ransom is paid, in conjunction with "a worm functionality" that automatically spread the virus across global networks. "It's a big priority of mine that we protect the financial infrastructure", he said. And that's for a simple reason: Individuals and organizations alike are fundamentally awful about keeping their computers up-to-date with security fixes.

"Later we found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections", @MalwareTechBlog told CNNTech.

That is one lesson of this global computer attack.

The companies and government agencies targeted were diverse. Since WannaCry Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software.

Usually, WannaCry Ransomware deletes all shadow copies, stored in your computer. And the hackers warned that they would delete all files on infected systems if no payment was received within seven days.

Microsoft has now sent out patches for WindowsXP in an attempt to limit the damage, while the NHS took steps over the weekend to send out the recent security updates for trusts who had not put it in place.

Worse, the malware was able to create so much chaos because it was designed to self-replicate like a virus, spreading quickly once inside university, business and government networks. Online security specialists fear the ransomware offensive - in which the hacker (s) basically takes over your computer and demands money before giving control of the machine back to you - will spread even more as office workers return to work Monday. "We will continue to work with affected (organizations) to confirm this", the agency said.

A message informing visitors of a cyber attack is displayed on the NHS website on May 12. "The other vulnerabilities are minor, but that is only at this moment and everything can change".

"B$3 ecause WannaCrypt used a single hardcoded domain, my registartion [sic] of it caused all infections globally to believe they were inside a sandbox and exit.thus we initially unintentionally prevented the spread and and further ransoming of computers infected with this malware". But attackers can, and probably will, simply develop a variant to bypass this countermeasure. "The intelligence community should develop strong procedures that when such tools leak, the immediately give relevant information to software developers and security vendors so protections can be developed before attacks are seen in the wild", said Bambanek. "Talk about a wake-up call", Hypponen said. "Part of what an organization needs to understand and assess is what those two risks are".

How can people protect their computers?

The malicious software is believed to exploit a vulnerability in Microsoft computers which was reportedly identified by the National Security Agency in the US and subsequently leaked to the internet.

While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn't be vulnerable to Friday's attack.

Cyber-attack threat escalating - Europol